Managing-DNS

Remark: Managing Networks in Linux: Manipulate DNS

#resources/networking/dns
DNS (Domain Name System) is a core part of internet infrastructure.
While its purpose is to resolve domain names into IP addresses, hackers and sysadmins can manipulate or inspect DNS for reconnaissance, redirection, or debugging.


More info about DNS {Out of Learning Linux scope}


Get Nameserver (NS) Records:

dig hackers-arise.com ns

Sample Output:

06-10-linux-network-27_Jul_2025.png

  • This reveals what servers control DNS for the domain and where they are hosted.

Get Mail Exchange (MX) Records:

dig hackers-arise.com mx

Sample Output:

06-13-linux-network-27_Jul_2025.png

Useful for identifying email infrastructure.
Attackers may use this for phishing or targeting mail servers.


Change Your DNS Server (/etc/resolv.config)

DNS servers are listed in:

/etc/resolv.conf

To manually edit:

  • use your favorite text editor.
leafpad /etc/resolv.conf

Example:

nameserver 8.8.8.8        # Google DNS
nameserver 192.168.181.2  # Local DNS

Order matters: the system checks from top to bottom.

Command-line method:

echo "nameserver 8.8.8.8" > /etc/resolv.conf

06-15-linux-network-27_Jul_2025.png

Note: If using DHCP, this file might be overwritten automatically when the lease renews.


Spoofing with /etc/hosts

The /etc/hosts file lets you override DNS locally by mapping hostnames to IP addresses. This is useful in CTFs when a challenge requires you to access a service by a specific domain name , you can map that domain to the target IP so your browser or tools connect correctly.

Example (requires root):

sudo sh -c 'echo "10.10.10.5 challenge.local" >> /etc/hosts'
sudo nano /etc/host

Notes

  • Changes affect only your machine.
  • Remove or comment out the entry when finished to avoid future confusion.

Open the file:

leafpad /etc/hosts

Example:

127.0.0.1         localhost
127.0.1.1         kali
#  redirected
192.168.23.135   youtube.com

06-15-linux-network-27_Jul_2025.png

USE TAB, not space, between the IP and domain.


What Happens?

Any time this system accesses youtube.com, it will be redirected to 192.168.23.131 — skipping real DNS lookup.


Real-World Use:

Combined with tools like:

  • dnsspoof
  • Ettercap
  • ARP poisoning

You can redirect LAN users to a fake login page or test server.